Vulnerability CVE-2019-12402 - CERT Civis.Net

Vulnerability Name:

CVE-2019-12402 (CCN-165956)

Assigned:

2019-08-27

Published:

2019-08-27

Updated:

2022-05-14

Summary:

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2019-12402

Source: CCN
Type: Apache Web site
Commons Compress

Source: XF
Type: UNKNOWN
apache-commons-cve201912402-dos(165956)

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b@%3Cdev.commons.apache.org%3E

Source: MLIST
Type: Issue Tracking, Mailing List, Patch, Third Party Advisory
[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Mailing List, Third Party Advisory
[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402

Source: MLIST
Type: Issue Tracking, Mailing List, Third Party Advisory
[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2019-c96a8d12b0

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2019-da0eac1eb6

Source: CCN
Type: oss-sec Mailing List, Tue, 27 Aug 2019 21:15:48 +0200
[CVE-2019-12402] Apache Commons Compress denial of service vulnerability

Source: CCN
Type: IBM Security Bulletin 1072510 (Tivoli Storage Productivity Center)
Apache Commons Compress vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 1072714 (Content Navigator)
IBM Content Navigator is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 1109775 (Transparent Cloud Tiering)
IBM Transparent Could Tiering is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 1127397 (WebSphere Application Server in Cloud)
Multiple Security Vulnerabilities Affect IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 1146568 (Watson Studio Local)
Vulnerabilities in Apache Commons Compress affects IBM Watson Studio Local

Source: CCN
Type: IBM Security Bulletin 1165906 (Cloud Private)
IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 1171096 (InfoSphere Streams)
Vulnerabilities in Apache Commons Compress

Source: CCN
Type: IBM Security Bulletin 1282006 (Cloud Pak System)
Vulnerability in IBM Websphere Application Server Liberty used by IBM Cloud Pak System (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 1283920 (Business Process Manager)
An Apache Commons Compress vulnerability has been identified with the embedded IBM FileNet P8 Content Platform Engine component in IBM Business Process Manager and IBM Business Automation Workflow

Source: CCN
Type: IBM Security Bulletin 1284568 (Control Center)
Websphere denial-of-service vulnerability affects IBM Control Center (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 2403657 (Network Performance Insight)
Vulnerability affecting IBM Network Performance Insight (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 3176943 (Spectrum Protect Plus)
Vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus (CVE-2019-12402).

Source: CCN
Type: IBM Security Bulletin 3608133 (MobileFirst Platform Foundation)
MobileFirst Platform Foundation is affected by WebSphere Application Server Liberty is affected by Apache Commons Compress vulnerability (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 6198380 (DB2 for Linux- UNIX and Windows)
Multiple vulnerabilities in dependent libraries affect IBM Db2 leading to denial of service or privilege escalation.

Source: CCN
Type: IBM Security Bulletin 6210366 (Monitoring)
Multiple vulnerabilities have been identified in DB2 that affect the IBM Performance Management product

Source: CCN
Type: IBM Security Bulletin 6251995 (NovaLink)
Novalink is impacted by Denial of service vulnerability in WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6257799 (Event Streams)
IBM Event Streams is affected by a vulnerability in Apache Commons Compress (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 6324799 (Spectrum Protect Plus)
Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6378366 (Cognos Business Intelligence)
IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)

Source: CCN
Type: IBM Security Bulletin 6444777 (Log Analysis)
Vulnerability in Apache Commons Compress affect Apache Solr shipped IBM Operations Analytics - Log Analysis Analysis (CVE-2019-12402)

Source: CCN
Type: IBM Security Bulletin 6444895 (Db2 Warehouse)
IBM Db2 Warehouse has released a fix in response to multiple vulnerabilities found in IBM Db2

Source: CCN
Type: IBM Security Bulletin 6451705 (Cognos Analytics)
IBM Cognos Analytics has addressed multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6570915 (Data Risk Manager)
IBM Data Risk Manager is affected by multiple vulnerabilities including a remote code execution in Spring Framework (CVE-2022-22965)

Source: CCN
Type: IBM Security Bulletin 6605881 (PureData System for Operational Analytics)
Multiple security vulnerabilities have been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics

Source: N/A
Type: Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUApr2020
Oracle Critical Patch Update Advisory - April 2020

Source: N/A
Type: Third Party Advisory
N/A

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2021
Oracle Critical Patch Update Advisory - April 2021

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2021
Oracle Critical Patch Update Advisory - January 2021

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUJul2021
Oracle Critical Patch Update Advisory - July 2021

Source: CCN
Type: Oracle CPUOct2020
Oracle Critical Patch Update Advisory - October 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html

Source: MISC
Type: Not Applicable, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-12402

Vulnerable Configuration:

Configuration 1:

cpe:/a:apache:commons-compress:*:*:*:*:*:*:*:* (Version >= 1.15 and <= 1.18)

Configuration 2:

cpe:/o:fedoraproject:fedora:30:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_payments:*:*:*:*:*:*:*:* (Version >= 14.1.0 and <= 14.4.0)

OR cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0 and <= 8.2.2)

OR cpe:/a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:*:*:*:*:*:*:*:* (Version >= 18.8.0 and <= 18.8.8)

OR cpe:/a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:communications_element_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0 and <= 8.2.2)

OR cpe:/a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* (Version >= 8.2.0 and <= 8.2.2)

OR cpe:/a:oracle:essbase:21.2:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*

OR cpe:/a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:apache:commons_compress:1.15:*:*:*:*:*:*:*

OR cpe:/a:apache:commons_compress:1.16:*:*:*:*:*:*:*

OR cpe:/a:apache:commons_compress:1.17:*:*:*:*:*:*:*

OR cpe:/a:apache:commons_compress:1.18:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:control_center:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.5.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:cognos_analytics:11.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:monitoring:8.1.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:18.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:18.0.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*

OR cpe:/a:ibm:transparent_cloud_tiering:1.1.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:transparent_cloud_tiering:1.1.5.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:tivoli_storage_productivity_center:5.2.7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.10.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.11:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.12:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.13:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.14:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.15.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.16:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.17.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.17.1:*:standard:*:*:*:*:*

OR cpe:/a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cognos_analytics:11.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.2.17.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

OR cpe:/a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_system:2.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:transparent_cloud_tiering:1.1.3.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:transparent_cloud_tiering:1.1.7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_studio_local:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.0:cd:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:4.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_streams:4.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:mobilefirst_platform_foundation:7.1.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:18.8.8:*:*:*:*:*:*:*

OR cpe:/a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:log_analysis:1.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:linux:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:unix:*:*

OR cpe:/a:ibm:db2:11.5:*:*:*:*:windows:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201912402	V	CVE-2019-12402	2023-06-22
oval:org.opensuse.security:def:7987	P	apache-commons-compress-1.21-150200.3.13.4 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:3364	P	shadow-4.2.1-34.20 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94994	P	apache-commons-compress-1.21-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:1374	P	Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) (Important)	2022-06-06
oval:org.opensuse.security:def:111939	P	apache-commons-compress-1.21-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105505	P	apache-commons-compress-1.21-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:62989	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72708	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100824	P	e2fsprogs-1.43.8-4.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101247	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1900	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:66791	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:66699	P	Security update for openssl-1_0_0 (Important)	2020-12-11
oval:org.opensuse.security:def:72651	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94111	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107490	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1843	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117048	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62932	P	apache-commons-compress-1.19-1.63 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:70042	P	fetchmailconf on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:70147	P	apache-commons-compress on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73482	P	apache-commons-compress on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49761	P	python3-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49815	P	apache-commons-compress on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73364	P	ImageMagick on GA media (Moderate)	2020-12-01
oval:com.ubuntu.disco:def:2019124020000000	V	CVE-2019-12402 on Ubuntu 19.04 (disco) - medium.	2019-08-30
oval:com.ubuntu.bionic:def:2019124020000000	V	CVE-2019-12402 on Ubuntu 18.04 LTS (bionic) - medium.	2019-08-30
oval:com.ubuntu.xenial:def:2019124020000000	V	CVE-2019-12402 on Ubuntu 16.04 LTS (xenial) - medium.	2019-08-30